The use of biometry is spreading on account, in particular, of its natural and permanent association with an individual. In particular, biometry can be used for identity checking purposes.
Thus, it is common to store, in a database, biometric data relating to respective individuals, for example, fingerprints, characteristics of the iris of the eyes, of the voice, etc. This phase is generally called enrolment.
Subsequently, the identity of an individual having previously formed the subject of the enrolment, or at least the presence of his biometry in the database, can be checked by performing a biometric measurement of this individual and by comparing it with the biometric data stored in the database. When the biometric measurement corresponds to certain of the biometric data stored, this signifies that there is identity between the individual in question and that whose said corresponding biometric data have been stored during a prior enrolment.
However, a problem arises on account of the variability of the biometric measurements. Specifically, when the biometry considered is a fingerprint, for example, the angle of presentation of the finger and the pressure exerted by the finger on the print sensor are examples of parameters liable to significantly influence the result of the measurement. A strict comparison of two distinct biometric measurements relating to one and the same individual could therefore culminate in an erroneous conclusion of absence of identity.
WO 00/51244 discloses a method able to limit this drawback. For this purpose, it proposes to code the biometric data stored with the aid of an error correcting code.
It is recalled that there exists a multitude of error correcting codes whose common characteristic is to generate a word from an initial item while introducing redundancy thereinto. For example, for an initial item i, the word generated may be written c=f(i), where f is a public function relating to a given error correcting code. A person knowing the error correcting code used can then retrieve the item i from the word c and the function inverse to f, i.e. i=f−1(c).
In WO 00/51244, each of the biometric data is coded with a respective word of an error correcting code, so as to be considered to be a “corrupted” expression of said word. Stated otherwise, a biometry b is likened to a word c picked at random from a chosen code, in which a certain number of modifications have appeared. When these various quantities are represented by binary strings, this is equivalent to considering that b=c⊕δ, where ⊕ designates the exclusive OR operator and where δ is a binary string whose “1” bits indicate differences between corresponding bits of b and c (i.e. δ=b⊕c).
For each biometry b, a value, dependent on c, and the corresponding value of δ are stored. The value dependent on c uses a known hash function h (for example, SHA-1, MD5, RIPE-MD, HAVAL and SNERFU) whose result h(c) is a digest of c on the basis of which it is not possible to retrieve the value of c for certain. This precludes a third party having access to the database from being able to retrieve the biometry of the individuals having formed the subject of a prior enrolment.
Subsequently, when an individual turns up for an identity check, his biometry b′ is measured. When the biometry b′ is associated with the same individual as a biometry b for which parameters h(c) and δ have been previously stored, b′ can be expressed as a binary string which is akin to b, to within erasures and bit errors, related to the difference existing between two biometric measurements of one and the same individual as mentioned above. In mathematical form, this may be written:b′=b⊕errors⊕erasures.
By performing an exclusive OR of b′ and of δ, for each of the values of δ previously stored, we then obtain an expression for a word c′ of the error correcting code chosen, relating to b′. According to the foregoing, c′ is equal to the word c, to within said erasures and binary errors, it being possible to write this: b′⊕δ=c′=c⊕errors⊕erasures. As the error correcting code of which the word c forms part has been chosen precisely so that a certain quantity of errors are corrected, it is then possible to retrieve the equivalence between the words c and c′.
A hash of c′, h(c′), can thus be compared with the h(c) previously stored so as to verify the identity between these words One thus ensures that the biometry b′ is indeed that of the individual whose biometry b has been associated with the pair (h(c),δ) during a prior enrolment.
However, the method disclosed by WO 00/51244 presents several drawbacks. First of all, this method poses a problem in terms of security. Specifically, if a third party knowing the error correcting code used has access to the database of pairs (h(c),δ), he is then able to determine whether an individual has formed the subject of a prior enrolment, on the basis of his biometry b. To do this, he proceeds as indicated hereinbelow. He performs for example an exclusive OR of the biometry b with various δ stored in the database and he carries out a hash of the result of the first operation, by virtue of the hash function h, so as to compare it with the h(c) stored in correspondence with each of the δ considered. Such a situation is not desirable for obvious reasons.
Additionally, the need to carry out a hash of the code words according to the teaching of WO 00/51244 prevents the coding being exploited so as to incorporate the useful item thereinto, since such an item would in any case be lost in the digest result emanating from the hash.
One aim of the present invention is to alleviate these drawbacks.
Another aim of the present invention is to carry out a coding of biometric data such that it prevents unauthorized persons from performing an identity check on the basis of the biometric data thus coded.
Another aim of the invention is to allow a coding of biometric data that is able to incorporate the useful item.
Another aim of the invention is to allow an identity check on the basis of coded biometric data and of pertinent items relating to respective individuals, said identity check being able to be carried out only by authorized persons.